use of org.xmldb.api.base.Collection in project exist by eXist-db.
the class XMLDBSecurityTest method groupMemberChownGidResource.
/**
* Group Member can NOT change the owner gid of a resource
* to a group of which they are a member
*
* As the user 'test2' (who is in the group users)
* attempt to change ownership gid of /db/securityTest1/test.xml (which has uid 'test1' and gid 'users')
* to the group 'test2-only' (of which they are a member)
*/
@Test(expected = XMLDBException.class)
public void groupMemberChownGidResource() throws XMLDBException {
final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test2", "test2");
final Resource resource = test.getResource("test.xml");
final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
// attempt to have user 'test2' take gid ownership of /db/securityTest1/test.xml (which is owned by test1:users)
ums.chgrp(resource, "test2-only");
}
use of org.xmldb.api.base.Collection in project exist by eXist-db.
the class XMLDBSecurityTest method cannotCreateXmlResourceWithoutWritePermissionOnParentCollection.
@Test(expected = XMLDBException.class)
public void cannotCreateXmlResourceWithoutWritePermissionOnParentCollection() throws XMLDBException {
Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
ums.chmod("--x------");
test.close();
test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
final Resource resource = test.createResource("other.xml", XMLResource.RESOURCE_TYPE);
resource.setContent("<other/>");
test.storeResource(resource);
}
use of org.xmldb.api.base.Collection in project exist by eXist-db.
the class XMLDBSecurityTest method groupNonMemberChownGidCollection.
/**
* Group Member can NOT change owner gid of a collection
* to a group of which we are NOT a member
*
* As the user 'test2' (who is in the group users)
* attempt to change ownership gid of /db/securityTest1
* to the group 'guest' (of which they are NOT a member)
*/
@Test(expected = XMLDBException.class)
public void groupNonMemberChownGidCollection() throws XMLDBException {
final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test2", "test2");
final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
// attempt to take gid ownership of /db/securityTest1
ums.chgrp("guest");
}
use of org.xmldb.api.base.Collection in project exist by eXist-db.
the class XMLDBSecurityTest method canOpenRootCollectionWithExecute.
@Test
public void canOpenRootCollectionWithExecute() throws XMLDBException {
final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db", "admin", "");
final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
ums.chmod("--x--x--x");
test.close();
DatabaseManager.getCollection(getBaseUri() + "/db", "test1", "test1");
}
use of org.xmldb.api.base.Collection in project exist by eXist-db.
the class XMLDBSecurityTest method canReadXmlResourceWithOnlyReadPermission.
@Test
public void canReadXmlResourceWithOnlyReadPermission() throws XMLDBException {
Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
Resource resource = test.getResource("test.xml");
ums.chmod(resource, "r--------");
test.close();
test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
resource = test.getResource("test.xml");
assertEquals("<test/>", resource.getContent());
}
Aggregations